Quiz Entry - updated: 2026.06.04
What is meant by the "Human Factor" in information security, and why is it double-edged?
The human factor covers security violations caused by human error and misbehavior — making people simultaneously one of the biggest risk factors AND one of the biggest protection factors.
Key statements:
- It's the case when human error or misbehavior leads to a violation of information security
- Humans are among the largest risk factors — but the same humans, sensitized, are among the largest protection factors: an alert employee who reports the odd mail stops attacks every firewall missed
- Employees play a decisive role in protecting the organization's assets
- Misactions come in three flavors: vorsätzlich (deliberate/malicious), bewusst (conscious — knowingly bending rules, e.g. workarounds), and unbewusst (unconscious — honest mistakes)
- Security awareness training is a main instrument for improving information security
Tip: The three-flavor distinction matters for response: unconscious errors call for training, conscious workarounds call for reducing friction (why was the rule bypassed?), and deliberate acts call for sanctions and monitoring. One response for all three fails for all three.